Are we going towards a world where antivirus software will become too slow?

In Symantec's 10th
Internet Security Threats Report,
it is noted that
in 2006, over 6700 new Windows viruses were identified. The number here
may seem innocent in itself, but think about this... we've had viruses
since I've been hearing of personal computers (there were already
viruses on Commodore Amigas and Apple IIs in the eighties - granted
they didn't propagate by themselves and you had to share them by giving
an infected floppy to a friend). But the progression rate is
accelerating. Every year sees even more new viruses than the previous.

What will the impact of this be on your every day activity if you use
an operating system that is a heavy target for viruses?

In the comming years, your computer will, for every sensitive file
accessed (executables, dynamic libraries, shared object code in
general) need to scan that file for multiple tens of thousands of
different virus signatures. Even with strong optimisation of scanning
code and disk access, this heavy activity won't be without effect on
the reaction time of the computer. Even today, if you want to play it
unsafe for a few minutes and turn off your antivirus, you will
notice your machine is significantly faster in running various
activities.

What can we do about it?

Maybe the first thing to do is, and should be, to consider deploying
operating systems that are not as sensitive to viruses and other
malicious code. Consider operating systems that have proper user
permissions, that don't encourrage the actual user to log in as
administrator for day to day activities. Make sure that your operating
system of choice is designed so that user-triggered programms can't
modify system parameters or files. Pick an operating system for which
the only possibility for malicious code to run efficiently is to
exploit an implementation bug, rather than a normally planned feature.

This is sometimes more feasible on the server side, than on the desktop
side. But it will already help a lot if your server infrastructure can
perform at full speed while being almost completely insensitive to the
usual malicious code out there.

If you can't change your desktop, then you will be stuck with degraded
performance as antivirus software around the world struggles to scan
for more and more vulnerabilities. You can partially mitigate this by
first protecting your machines from external aggressions (by deploying
host based firewalls), which will limit the number of worm infections,
but will not necessarily protect your machine from infected documents
and client-side attacks. Then you need to educate your users seriously
about the risks of infection of their machine from third party content.
It's mostly a lost battle, as history has shown.

It seems that the price to pay for using insecure platforms will be of
not being able to fully use the computing power of our machines, in
addition to the risks of infection by malicious code.

This speed issue is being addresses by several companies via the cloud. It seems that cloud computing can take a severe load off a local CPU and perform just as well as an AV solution. It is still young tech, but it is certainly evolving on a daily basis.